At the end of each month we will be dedicating a blog post to GDPR, rounding up the well-known brands that have fallen short and become victims of data breaches in the last couple of weeks. By drawing attention to these cases, we hope to emphasise the seriousness of GDPR and to help businesses manage their data better, and so better protect themselves from a data breach and the potentially business-threatening fine that comes with GDPR.

Superdrug

Superdrug was hit by a data breach back in August. It confirmed that customers’ names, addresses and, in some cases, dates of birth and phone numbers were exposed. Unfortunately for Superdrug, this occurred after GDPR came into force; however, no word has been said on the fine they will receive! They sent this email to their customers:

British Airways

BA came under attack at the beginning of the month and was said to have had 380,000 transactions affected. These didn’t include travel or passport information but DID include bank card numbers, expiry dates and CVV codes. As this occurred very recently, the fine under GDPR could be a whopping maximum of £489 million, because the maximum fine under GDPR is 4% of global revenue, and BA had a total revenue of £12.226bn at the end of last year!

Equifax

Whilst Equifax’s breach happened before GDPR, back in 2017, the fine has been announced. Equifax’s breach saw 15 million Brits and 146 million people in the US affected, with names, addresses, birth dates and national insurance numbers accessed. Many of the Brits affected were unaware their information was held by the company for brands such as BT, Capital One and British Gas. The fine has been issued at £500,000, the highest amount possible before GDPR came into effect.